/**
 * @Author: wzx
 * @Description:
 * @Version: 1.0.0
 * @Date: 2021/1/16 上午5:01
 * @Copyright: MIN-Group；国家重大科技基础设施——未来网络北大实验室；深圳市信息论与未来网络重点实验室
 */

//显示的去定义证书的错误，这里是x509的错误类型，选择一部分
const InvalidReason = {
	// Wrong version.
	IncompatibleVersion:  0,
	// The certificate does not reach the effective date.
	NotReachEffectiveDate:  1,
	// NotAuthorizedToSign results when a certificate is signed by another
	// which isn't marked as a CA certificate.
	NotAuthorizedToSign:  2,
	// Expired results when a certificate has expired, based on the time
	// given in the VerifyOptions.
	Expired:  3,
	// Marshal or unmarshal fails.
	MarshalError:  4,
	// Error happens when trying to verify a signature
	SignatureError:  5,
	//Unknown SignatureAlgorithm
	UnknownSignatureAlgorithm:  6,


	// Below Not Use
	// CANotAuthorizedForThisName results when an intermediate or root
	// certificate has a name constraint which doesn't permit a DNS or
	// other name (including IP address) in the leaf certificate.
	CANotAuthorizedForThisName:  7,
	// TooManyIntermediates results when a path length constraint is
	// violated.
	TooManyIntermediates:  8,
	// IncompatibleUsage results when the certificate's key usage indicates
	// that it may only be used for a different purpose.

	// IncompatibleUsage results when the certificate's key usage indicates
	// that it may only be used for a different purpose.
	IncompatibleUsage:  9,
	// NameMismatch results when the subject name of a parent certificate
	// does not match the issuer name in the child.
	NameMismatch:  10,
	// NameConstraintsWithoutSANs results when a leaf certificate doesn't
	// contain a Subject Alternative Name extension, but a CA certificate
	// contains name constraints, and the Common Name can be interpreted as
	// a hostname.
	//
	// You can avoid this error by setting the experimental GODEBUG environment
	// variable to "x509ignoreCN=1", disabling Common Name matching entirely.
	// This behavior might become the default in the future.
	NameConstraintsWithoutSANs:  11,
	// UnconstrainedName results when a CA certificate contains permitted
	// name constraints, but leaf certificate contains a name of an
	// unsupported or unconstrained type.
	UnconstrainedName:  12,
	// TooManyConstraints results when the number of comparison operations
	// needed to check a certificate exceeds the limit set by
	// VerifyOptions.MaxConstraintComparisions. This limit exists to
	// prevent pathological certificates can consuming excessive amounts of
	// CPU time to verify.
	TooManyConstraints:  13,
	// CANotAuthorizedForExtKeyUsage results when an intermediate or root
	// certificate does not permit a requested extended key usage.
	CANotAuthorizedForExtKeyUsage:  14
}

// CertificateInvalidError results when an odd error occurs. Users of this
// library probably want to handle all these errors uniformly.
class CertificateInvalidError  {
    constructor(Reason, Detail) {
		this.Reason = Reason
        this.Detail = Detail
	}
    Error(){
        switch (this.Reason) {
            case IncompatibleVersion:
                return "min-cert: certificate has wrong version number"
            case NotReachEffectiveDate:
                return "min-cert: certificate does not reach the effective date: " + this.Detail
            case NotAuthorizedToSign:
                return "min-cert: certificate is not authorized to sign other certificates"
            case Expired:
                return "min-cert: certificate has expired or is not yet valid: " + this.Detail
            case MarshalError:
                return "min-cert: marshal or unmarshal fails: " + this.Detail
            case SignatureError:
                return "min-cert: Error happens when trying to verify a signature: " + this.Detail
            case UnknownSignatureAlgorithm:
                return "min-cert: Unknown SignatureAlgorithm: " + this.Detail
        
        
            // Below Not Use
            case CANotAuthorizedForThisName:
                return "min-cert: a root or intermediate certificate is not authorized to sign for this name: " + this.Detail
            case CANotAuthorizedForExtKeyUsage:
                return "min-cert: a root or intermediate certificate is not authorized for an extended key usage: " + this.Detail
            case TooManyIntermediates:
                return "min-cert: too many intermediates for path length constraint"
            case IncompatibleUsage:
                return "min-cert: certificate specifies an incompatible key usage"
            case NameMismatch:
                return "min-cert: issuer name does not match subject from issuing certificate"
            case NameConstraintsWithoutSANs:
                return "min-cert: issuer has name constraints but leaf doesn't have a SAN extension"
            case UnconstrainedName:
                return "min-cert: issuer has name constraints but leaf contains unknown or unconstrained name: " + this.Detail
            }
            return "min-cert: unknown error"
    }
}

module.exports = {
    InvalidReason: InvalidReason,
    CertificateInvalidError: CertificateInvalidError
}